Cryptocurrency users faced a shocking blow on Christmas Day when millions of dollars were reported missing from wallets linked to a popular browser extension. The incident, involving the Trust Wallet Chrome extension, sent alarm bells across the crypto community as users reported unauthorized access and sudden drains of their digital funds.
Widespread Wallet Drains Trigger Alarm
On December 25, users discovered that their wallets had been emptied within minutes. Reports came from various blockchain networks, including Ethereum, Bitcoin, and Solana, suggesting that the problem was not limited to a single platform. Many users said their funds vanished immediately after importing seed phrases into the Trust Wallet browser extension.
The issue was first flagged by on-chain investigator ZachXBT, who issued a community alert after receiving multiple independent reports from affected users. The timing of the loss coincided closely with a recent update to the browser extension, version 2.68, released on December 24. This raised concerns that the update may have been compromised, though the exact cause was not immediately confirmed. Losses were estimated to exceed $6 million, based on on-chain tracking of affected wallet addresses.
SEC quietly pulls back on crypto enforcement as Trump-linked companies catch a break
Several security researchers examined the extension code and found a suspicious JavaScript file within the update. The code appeared to act as an analytics tool but could monitor wallet activity. It seemed to activate whenever a seed phrase was imported and sent data to a newly created domain, which later became inaccessible. These findings suggested a possible compromise, though the investigation was still ongoing.
Trust Wallet Responds to Browser Extension Breach
Trust Wallet quickly responded to the reports, confirming that the issue affected only the browser extension version 2.68. Users were advised to disable the extension immediately. An updated version, 2.69, was released to fix the problem. Mobile users and other versions of the browser extension were reportedly not affected.
The incident highlighted the risks of using browser-based wallets. Unlike mobile or hardware options, browser extensions run in environments that are more exposed to potential attacks. This means that even if the core security remains strong, funds can be stolen if the device or extension is compromised.
🚨 BREAKING
TRUST WALLET IS HACKED!
SECOND MOST POPULAR CRYPTO WALLET IS EXPLOITED, HACKERS ARE DRAINING MILLIONS RIGHT NOW.
IMMEDIATELY WITHDRAW ALL YOUR FUNDS, REVOKE APPROVALS, AND REMOVE THE APP/EXTENSION! pic.twitter.com/urv3hvmcXT
— 0xNobler (@CryptoNobler) December 25, 2025
Users affected by the breach were warned to move remaining funds to new wallets created on secure devices. Experts also recommended avoiding unnecessary browser extensions, disconnecting devices from the internet if funds were at risk, and verifying all software through official sources only.
How the Breach Happened and What It Revealed
The breach illustrated the dangers of importing seed phrases into browser extensions. Seed phrases are critical keys that control access to cryptocurrency wallets. If these are entered into a compromised extension, attackers can gain immediate access to funds.
YouTube adds crypto-style payout option without volatility by integrating PayPal’s PYUSD
Reports suggested that hundreds of wallets were affected, with some losses as high as hundreds of thousands of dollars per user. The stolen funds moved quickly across multiple blockchain networks, showing that the attackers acted almost instantly after gaining access.
Security researcher ZachXBT shared lists of wallet addresses believed to be associated with the thefts and later updated that hundreds of victims may have been affected. His tracking helped confirm that the losses were widespread and not isolated cases.
The breach underscored the importance of careful handling of seed phrases and verifying wallet updates from trusted sources. It became a central topic in crypto communities, as users shared warnings and detailed their losses. Many cautioned against importing seed phrases into any browser extension and stressed the importance of using secure devices for cryptocurrency storage.
This Christmas Day event served as a reminder that even widely trusted wallet providers can become vectors for loss if the software or environment is compromised. The breach affected only the browser extension for a short time but resulted in significant financial losses for many users, highlighting the need for constant vigilance in the crypto space.
